Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

jfruh writes "We've learned many lessons in the fallout from Edward Snowden's whistleblowing and flight to Hong Kong, but here's an important one: Never make your sysadmin mad. Even if your organization isn't running a secret, civil-rights violating surveillance program, you're probably managing to annoy your admins in a number of more pedestrian ways that might still have blowback for you. Learn to stay on their good side by going along with their reasonable requests and being specific with your complaints."

I think that may be the first time I have seen "reasonable request" and "sysadmin" in the same sentence.
The sysadmins I encounter are invariably anything but reasonable. Aloof, patronizing, condescending... all of those. Most have a very narrow specialization niche and absolutely no social skills or business experience.
I have seen them reduce naive users to tears and effectively discourage any user from making a request of any kind.

I am a systems administrator. While I am an introvert (so I don't favor large social gatherings), I do actually have both CS and business degrees and have a broad specialization. I've also never intentionally reduced anyone to tears...

Carriers generally are http://en.wikipedia.org/wiki/Supercarrier [wikipedia.org]. The Nimitz class carriers are the largest US carrier to date http://www.naval-technology.com/projects/nimitz/ [naval-technology.com]. They displace somewhere around 70,000 long tons of water. They carry 82 aircraft, not to mention fuel, missiles, other ordinance. Even with all that they still have room for 6000 personnel. Take out the planes and ordinance you could probably cram 7000+ people in a Nimitz. The average number of employees a company has is roughly 16 http://answers.google.com/answers/threadview/id/279843.html [google.com]. If we assume that every company on this aircraft carrier employed 100 individuals then there would be room for 700 companies. So yes, he most likely worked for a dozen companies on that one carrier alone.

I was a psych minor, I don't think you know what an introvert means if that is your definition...

"The common modern perception is that introverts tend to be more reserved and less outspoken in groups. They often take pleasure in solitary activities such as reading, writing, using computers, hiking and fishing. The archetypal artist, writer, sculptor, engineer, composer and inventor are all highly introverted. An introvert is likely to enjoy time spent alone and find less reward in time spent with large groups of people, though he or she may enjoy interactions with close friends. Trust is usually an issue of significance: a virtue of utmost importance to an introvert is choosing a worthy companion. They prefer to concentrate on a single activity at a time and like to observe situations before they participate, especially observed in developing children and adolescents. They are more analytical before speaking. Introverts are easily overwhelmed by too much stimulation from social gatherings and engagement, introversion having even been defined by some in terms of a preference for a quiet, more minimally stimulating environment."

I don't recall anything in that modern definition as relating to 'expressing feelings' or 'sharing'.

After all the engineers looked at the psych departments ratio (1/ratio of the engineering school) and choose psych as our 'liberal arts focus area' the psych department asked the engineering department to stop.

We were blowing the curve for the first 3 psych courses, scaring off actual psych majors and treating the classes as dating pools. We had not yet learned to not stick our dicks into crazy (they don't get any crazier then psych majors).

The "while you are here buy me a pony" requests instead of going through channels does that to people if they don't have a thick enough skin. The games people play to try to get stuff directly from you that they have to get approval from their management to have can get on your nerves if you take it too seriously, which could mean snapping at the next poor sod that just isn't quite sure what they want.The number of "have you got a free screen I can take home for the kids" requests at often inconvenient tim

Watch what happens when two people, either of whom could fire both of us, issue demands that are diametrically opposed and mutually exclusive.

Watch when the new guy gets ignored by his team members and forgets that Google exists so he comes to us expecting days of basic training on how to do his job.

Watch when the workaholic engineer expects us to be there around the clock for everything from new machines to coffee runs as he compulsively works his 72-hour shifts.

Watch when we spend six hours fixing a machine somebody botched horribly because we told them to push button A then button B then button C, but they pushed button B then button A then button C. For the third time.

Watch when Mr. Hot Temper screams at us for 15 minutes because the network is down, even though not only are we not permitted to do anything with the network, we're not even allowed into the wiring closet.

Watch how we're never thanked for anything, but we're informed on a regular basis as to what people think our mothers did for a living.

Well, yes, but my experience is that even if I've never screamed at an admin, nor informed them of their mothers' extramarital activities, the majority seem to make it their duty to keep me from doing my job anyway.

In fact, for some (I'm looking at the fucktard duo administering the MQ server,) the nicer you are and more willing to explain why you need a queue for the application already approved by anyone who had a legitimate say, the more they'll abuse that and your time by MAKING you have to explain for weeks or get nothing from them. The guys who do tell them to STFU and do their own job, now those get what they asked for.

Now I have sympathy for admins, and understand that other people shit on their day. But WTH does it solve to in turn have them shit on MY day and my coworkers' day?

If X bullied admin Y, and Y bullies innocent bystander Z in turn, what did it solve, other than make an extra person unhappy? And how does the former even excuse the latter, anyway? Much less make it right. Two wrongs don't make a right.

Watch when Mr. Hot Temper screams at us for 15 minutes because the network is down

Anyone who decided his best move is to scream at me, is going to find themselves unemployed in short order. I am on extremely good terms with the head of HR.:)
Here is my suggested response to a screamer. Tell them calmly that you will not put up with such behaviour from anyone. Turn, walk away and report them to HR, or their boss. Most companies will not tolerate such behaviour.
If you do not get a good response, or the per

That works if you're only supporting technical staff. It's not much good when you're running a Helldesk in a non-IT-focused sector. The rest of the organisation may be the best in the world at whatever they are hired to do, but that doesn't mean they can work out which way up a DVD goes.

I worked one of those places. They had a lease on the copiers and the lease included things like toner and such, with a number on every copier to the office manager, and directions to call if there was a problem, low toner, out of paper, etc. But the "experts" at marketing would fill it up with paper, getting lots of jams, and change the toner themselves, breaking the printer and toner cartridge (yes, I know that's hard to do, but they managed), and calling the IT department when things went bad. We'd call the office manager. So many people there had the idea that if it had an electric cord, IT was in charge of it, from coffee machine to light bulbs, it was all IT. Educating them made them mad, and they'd threaten to call the president on you (not CEO, but Barak). God I'm happy I don't have to deal with users anymore.

One place I was working for had the 'if it uses electricity it's IT' attitude, it's how I suddenly had to be support for the phone system... Not a VOIP system, but an honest to god phone system with electrical switching. They went so far as to cancel their support contract from the phone company. My reply of 'I'm not a electrician or a phone tech!' didn't do any good what so ever.

I don't mind a broad scope of support – as long as it comes with appropriate staffing levels. It's when you ask a single person to be the sysadmin, helpdesk, and facilities manager that you start to run into problems. If you hire 3 generalists who can share all these duties (even though some might be better in some areas than others), then that's fine. But trying to put half the business on the shoulders of one underpaid (and probably understandably disgruntled) employee is a recipe for trouble.

To take things a step further, IT works behind a door that only IT badges can open, and their only (public) phone number is just a human who will create a ticket for you (if for example, your problem is that your PC won't boot, so you can't create a ticket yourself).

You do realize that you've set up your department to be outsourced? If you have no real connection to the rest of the business except through trouble tickets, then there's no real benefit to your department being in-house at all.

IT should be actively engaged with the rest of the business, trying to find ways to make things work better for everyone. That's our job: to make other people's jobs more efficient (and easier).

IT should be actively engaged with the rest of the business, trying to find ways to make things work better for everyone. That's our job: to make other people's jobs more efficient (and easier).

I would agree. I walk through every morning saying hello to everybody and asking if everything is working properly. Everybody knows I am the IT guy and has me do stuff right then rather than getting frustrated with whatever is not working. I may not actually get everything fixed any quicker than if I only fielded tickets, but the perception that it is getting done quicker is there. Meanwhile, the workers are all happy and doing work, which means their managers are happy so they tell my manager what a wonderful job I'm doing instead of yelling at him, which means my manager is happy. Meanwhile, I get written recommendations, cookies, gift cards, and the knowledge of all the secret office candy stashes.

The worst is when you do something to help out a friend. They insist on paying you. For 5 hours work they gave me $20. Fuckers will never get any help ever again. I would have been fine doing it for free. But if you pay me (so you don't owe me a favor), you have to _pay_ me.

I'm sorry, our last IT issued anteater is busy down in marketing, I've forwarded your message to the office manager for a vacuum rental, hopefully this time it won't be another penis pump, I've contacted OSHA about the safety of sharing penis pumps, but have received no response on the health risks.

That's nice when available, but it's really quite shocking how many adult children are in the workforce. It would be better if we could fire the lot and replace them with actual children. At least that way there would still be hope they may grow out of it.

Takes years of neglect and careful abandonment to make a BOFH. You have to be exposed to the worst of human behavior, on a daily basis, for years, with no possible outlet, and no compensation / consideration, before a BOFH is born. At some point, the human mind gets tired of playing defense, and goes on the offense. Voila, a BOFH is born. Granted, it does give rise to superior forms of character disorders, but then, when surrounded by people who themselves employ or adopt character disorders as offensive weapons...

I've seen a lot of behaviors from my employers that I definitely think qualify as treating them badly (which is why I'm in development instead). Some of the practices:- Demand that sysadmins be on call at all times. As in 24x7x365. Sysadmins are expected to be ready to deal with a perceived emergency at 2 AM on Christmas morning.- Demand that sysadmins work in the wee hours with no extra compensation, including time off during the day afterwords.- For that matter, regular demands of overtime.- Refusing to accept a sysadmin's recommendation, and then blaming (and in more extreme cases firing) the sysadmin when a different plan fails.- Having a career path that dead-ends at the team lead level (this one is pretty common among all IT-related professions, actually).

I.T. isn't there to make a profit, it's a cost centre that's there provide what's needed for others to make a profit. The more other sections need expensive stuff from it the more it becomes a "money sink hole". The other things you've described happen when I.T. becomes too isolated. However in large places I.T. is rarely able to spend at the whim of every junior employee so if it doesn't go through somebody high enough up the ladder to have a budget for more than a single

A lot of the "I.T. won't buy me a pony" bullshit is because a company expects managers to decide if the junior staff get a pony or not, and when they don't get one they decide to make an end run around their management and try to get it from I.T.

That is different where I'm currently working, because departments foot the bill, not I.T. Effectively, it is something like: "department pays for a race horse but I.T. keeps it, and gives you their old pony instead." And their argument is "pony's fully compatible, it also has four hooves!"

too true. I had an tech that worked for me as both a student and as a regular employee. He had the patience of Job when working with end users. He would listen to them and work hard to understand what they were saying, what they wanted, what their problem was even when they really couldn't articulate it themselves. He went that extra mile to make folks happy....but without enabling bad behavior - he was good at nudging folks in the proper direction. He was a tenacious troubleshooter, wanted to know the root cause of a problem and how to prevent it, not just a quick fix or a work-around. I could throw anything at him, and let him run with it. And he did it all with a smile, but was not a pushover for the users.

told you that to tell you this

The layoff scythe swept across our college and he was mowed-down. He did find a position in the University's central IT department. It was hoped by some that his work ethic and attitude would improve central IT support...and it did for a time, but the corrosive environment, infighting, and court intrigue has ground him down. To say that he is still a damn-sight better than the rest of their staff would be damning with faint praise, but he still is. He is also more BOFH than the excellent worker I sent over there.

Wasn't the end users that broke him, was the brain-dead management and sheer laziness and incompetence of his "colleagues" that did it.

Takes years of neglect and careful abandonment to make a BOFH. You have to be exposed to the worst of human behavior, on a daily basis, for years, with no possible outlet, and no compensation / consideration, before a BOFH is born.

If this is true, then I was already a BOFH by the time I was 14. It's truly a wonder that I didn't turn into some sort of homicidal maniac (there is always the future though...).

[If you are curious, I grew up in a small town (2500 people) and went to a small K-12 school (80-120 students per grade). I was picked on, teased, and made to be the butt of every joke, non-stop by 90% of my "peers", from kindergarten all the way though 11th grade (it was the same group of "peers" for the whole 12 years). Even the few people who had been my friends at a young age had become my tormenters by the time we hit junior high. There is nothing worse than being tormented daily by people who know you well enough to know the very best ways to make you suffer. The recent rash of school shootings in the US proves that my childhood situation wasn't entirely unique (and shows that the problem is getting worse), the only difference in my case being a lack of easy access to weapons.I still get bad anxiety in social situations even now, at age 34, due to being ridiculed and rejected so often as a child. This isn't the typical "social anxiety" that many people seem to suffer from, I have no problem with large crowds or total strangers, it's only the small "friendly" social groups (workplace, bar, etc) that make me want to hide/run away, because I feel as though I will never be able to fit in or be accepted by the group.]

If a syadmin is abusing their position of power then they need to be removed. That's it. There's no petty revenge or "blowback" to consider.

It's no different to other jobs where people hold a position of power (e.g., police officer, principal, medical doctor, judge, etc). We expect and demand that those people behave professionally and appropriately at all times (even when they don't like you). Just because a computer is involved doesn't excuse a system administrator from being held to the same professional standards.

If a syadmin is abusing their position of power then they need to be removed. That's it. There's no petty revenge or "blowback" to consider.

It's no different to other jobs where people hold a position of power (e.g., police officer, principal, medical doctor, judge, etc). We expect and demand that those people behave professionally and appropriately at all times (even when they don't like you). Just because a computer is involved doesn't excuse a system administrator from being held to the same professional standards.

Agree 100%, but that doesn't make the point about don't make your sysadmin hate you. It would not be a good idea to make a police officer, principal, medical doctor, or judge hate you. Sure their professional ethics mean that they should put this to one side when dealing with you, and they could get in trouble if they didn't... but I wouldn't go picking a fight with one just in case

Sure, but by then the damage is likely done. And if the environment that pushed the sysadmin to the dark side remains in place, it will happen again and again.

If ONE sysadmin goes bad, it's likely (but not necessarily) his fault and his breach of professionalism. If it keeps happening, then it's the employer's fault and it is the employer who has breached professionalism.

but somehow in most companies financial department is treated with extra care. somehow. maybe because they are exposed to quite a lot of sensitive, internal information.just because money (wages etc) is involved...;)

If a syadmin is abusing their position of power then they need to be removed. That's it. There's no petty revenge or "blowback" to consider.

It's no different to other jobs where people hold a position of power (e.g., police officer, principal, medical doctor, judge, etc). We expect and demand that those people behave professionally and appropriately at all times (even when they don't like you). Just because a computer is involved doesn't excuse a system administrator from being held to the same professional standards.

There's a difference between abusing power and being fair to all users. If one department or individual continually makes "emergency" last minute requests that they could have made weeks or even months ago, then making everyone else wait while you service the "emergency" request is unfair. So it's not abusing power if a sysadmin team refuses to scramble around to accommodate unreasonable last minute requests. A former manager was fond of responding to those requests with "Lack of planning on your part does

That does make me wonder if he's not the sort of authoritarian human tornado who thinks the sysadmin is being "unprofessional" and "insubordinate" when he won't roll back one of those Java security updates that broke the boss' MineCraft game.

We've learned many lessons in the fallout from Edward Snowden's whistleblowing and flight to Hong Kong, but here's an important one: Never make your sysadmin mad.

What a silly excuse for linking to (in itself a reasonably good) article on how to relate to sysadmins and IT support in general.

And for those who are not sysadmins: Sysadmins do NOT reveal your company's secrets because some user bypassed the helpdesk system, or run some test code on a production system.

However, nobody should not tolerate that their employer engage in illegal activities. I am not paid to break the law, neither are you. But that is no no way related to being a sysadmin or any other specific position. It is part of being a decent human being.

Nu-uh. It says it right there in the summary. Snowden leaked information about PRISM because "5. You make urgent, last-minute requests." It had nothing whatsoever to do with having evidence of a massive, illegal, covert surveillance operation being conducted against the American people by its own government.

Sorry, there's difference between "goverment does legal stuff which I don't like" which is completely reasonable claim, and actual criminal activity by goverment which seems not to be a case. But it's politics, and we don't like politics, do we?:)

Seriously, people, get your act together. Some parts of Patriot act maybe is anticonstitutional, and must be repealed, however acting on current set of laws (not how immoral or injust they are) is not criminal. Saying it is bad is enough for your emotional message

Nothing wrong with a last minute request if it was unavoidable. However, if you had time to report it before, you should have done that. If you know it's not urgent, don't pretend it is, because we can tell, and we will remember your lies.

We've learned many lessons in the fallout from Edward Snowden's whistleblowing and flight to Hong Kong, but here's an important one: Never make your sysadmin mad.

What a silly excuse for linking to (in itself a reasonably good) article on how to relate to sysadmins and IT support in general.

I agree. The summary seems to be trivializing NSA's illegal actions. It also seems to be ignoring the ethical dilemma that can arise when you come to find out that your own organization/company/boss/colleagues are acting criminally.

I have been asked to break the law by a previous employer a few years ago. They asked me to build a back door into website that was work for hire for a directory services. My boss wanted to be able to do a data dump or their directory after the site went live. He tried various means of offering to host the site for them for free but they obviously refused as they did not trust him. Ultimately, I left, very quickly and very shortly after that. I had no notice period anyway so just found a differ

Forcing people to use mandatory processes? Well, whatever next? Why does turning up for work when you have a hangover from the night before have to be mandatory? Doesn't suit your problems very well?

For every person's problem that's fixed by altering a process, it may well be that hundreds are adversely affected by that change. In an enterprise, there are often checks and processes in place to ensure that hundreds of projects and tasks can occur simultaneously, all being balanced and prioritised. What the company needs to happen will happen, when it's appropriate that it happens, in the interests of the company.

If you have a solution, present it as a business case. Sometimes, you may find you were right. Mostly, you'll get your eyes opened to a wider picture than you normally see, and the explanation "we don't do that, because it doesn't work under the majority of circumstances we face in the big picture".

Only sometimes. For example, a standalone system with a tape drive. The data is backed up, but rather than just doing a quick restore to a new system, you have to shoehorn that tape drive in long enough to do the restore. Or, the machine is so outdated that the new system is VERY different and requires a lot of re-configuration and tweaking rather than just being a little different.

yes, both of those situations represent an accident waiting to happen in the event of a hardware failure. The sysadmin can't MA

From someone who's more of a user than a sysadmin: and what about unreasonable requests and lack of knowledge?

In fact, who defines what constitutes a reasonable request, and what's an abuse of power, however slight or ambiguous that abuse may be (say, banning Facebook: sure, employees shouldn't waste company time, but what about downtime when they are between projects or tasks, and have nothing to do)?

What about cases where the user can simply not elaborate on their problem? For all they know, Word is just

But the sysadmin's time is limited. He also only works XX hours a week. And his day also only has 24 hours. If everyone sees themselves in the right to write to the sysadmin because Firefox is slow, because the password isn't working anymore, because... then the real problems can't get fixed (e.g. a screwed up backup policy left by the previous sysadmin, or a failing front end machine who needs to be transferred to new hardware).

Sure, the user doesn't know why Word isn't working, and he thinks he can just write that guy we met last Christmas party. Turns out, that guy is the Linux guy at the company and he doesn't know either, nor does he care. Now he has to forward that email to the helpdesk himself! If the Help Desk is properly implemented, then going through it is the easiest way for the regular user. Not only it gets him to the right person, but when it does, the right person may already have all the information he needs (because the first level guy asked for a snapshot of the error Word gives).

Indeed, sysadmins are just a cog in the machine. But so is the secretary of the assistant director of whatever. And by screwing up everything, you can't let those cogs perform at their best. You also expect the secretary will tell her boss "You have a meeting at 2 pm with person X in building Y" and not just "you have a meeting today" and wait for his questions "when? where? with whom?" (or the same in reverse when he asks her to put something in the agenda)

I didn't mean going around Helpdesk, like you make it out to be, I meant the part about being specific in my requests. How could I be specific if all I can see, as an average office worker, that whenever I try to print to PDF, Word pops up the red X and spits out 123 screens of code on the level of the Voynich Manuscript, completely unreadable to the uninitiated.Conversely, the secretary does have all the necessary information at her disposal, she just has to present it, and the reverse also applies when th

With all due respect, I am a system administrator (doesn't matter what kind for the subject at hand) and you should see the kind of things people expect me to do. People have no idea what my job is, they just know I'm good with computers. And they know the have problems with their computer. Which that just makes us a perfect fit for each other...

They are there to make sure the accountants, marketeers, and others who can make money for the company can do their jobs.

How exactly do accountants and marketeers make money for the company? Marketeers arguably have an impact on sales even if they do not make them, and they can be an important differentiating factor in a company. But accountants surely are part of the plumbing, just like IT. And more so than accounting, IT can also be a differentiator even in non-tech firms.

If there is someone in your company, who is in a position that management can not show is making the company money, then the problem is that said person should not be in the company, or optionally you have incompetent managment.

You may think that most IT staff in a non-technological company is not making money, but someone along the line did something you are unable to. They looked at the ability of each individual that you think is 'making money' for the company, and evaluated whether that person would be able to make more than the cost of the additional support person if a support person was hired, and what the expected return on investment in that person would be before they even opened that position for a manager.

_Every_ person working at a company is expected to contribute to the company's botom line. If they are in a position that doesn't contribute in some way or another, they don't belong.

And if you continue to treat your IT staff as if they don't belong to the company, because you are incompetent enough that you don't understand how vital your IT department is to your company, you are contributing to the sense that your IT staff doesn't belong, and you should expect that your IT staff will recognize that, and treat you like the enemy of your company that you are treating them as. And if you are in upper management and are treating your IT staff this way, you should expect no loyalty from anyone in your IT staff.

And in your example, the user does know more than 'Word is just not working right.' they know that when they attempt to print a PDF, Word does something unexpected. (put up a dialog with strange content, closes, makes the screen start doing odd things...) In most cases the fact that the user can only say 'Word is not working right' means that an IT tech has to come to the desk the user is at, or possibly gain remote access through an internally approved remote desktop support platform, and find out exactly what the user is doing that causes the problem to happen.

As for Facebook or other social sites, it's very rare that your IT department has specified those decisions. Almost everyone in your IT department knows full well that social websites, news sites, and e-mail sites on the web are almost invariable safer for your computer than the internal e-mail system and very likely the intranet environment that you have in house. In almost every case, the reason that your corporate policies marke these resources off limits has to do with the perception of the people making policy with respect to what they expect that employees will be doing on these sites, and how that will affect performance. In some companies there may be liability issues as well related to the possibility that internal information may end up becoming generally available on the internet, which can open the company to liability for privacy issues through insider trading issues and worse.

At one job I spent a lot of time trying to circumvent the helpdesk. Did you know that if network policy forbids you to have automated login after a reboot, you can still do it? Just make a script that sets the correct registry keys, and use the feature where you can run scripts on computer shutdown. The network won't have time to overwrite the registry again. Even the power saving settings of the computer were "administrator only", and we had hundreds of PCs displaying flashy screensavers all night long

Both are acceptable providing you schedule your problem as lowest priority. If you submit a ticket, you expect the admin to start working in the earnest, soon. If you signal a problem: "My machine sucks, probably not enough RAM and generally old" you signal the admin to consider you in the next round of purchases. If you say "Wifi reach is dodgy", they will adjust the layout of access points with the next upgrade. "My ethernet cable is loose" - next time they do something in your room, they will replace the plug. It's preferable to a full-blown ticket.

3. You abuse your rights, 4. You do not upgrade.

You want to run obsolete system as root? Be my guest. I may even serve you some advices for free. Still, if I shrug and say "I don't know, you're on your own" you're on your own. I can always get you an upgraded system with limited privileges if you grow tired of trying to fix it yourself.

5. You make urgent, last-minute requests

Scheduled. Expect answer within three workdays.

6. You waste your admin's time

Scheduled. Expect answer within three workdays.

7. You test code on production systems:

You broke it, you take the flak. I can fix it for you if you ask really nice.

8. You make personal requests:

Reward appropriately. Don't expect the admin to do your private work for free.

9. You take your admin for granted:

More importantly - if everything works, don't find work for "slacking" admins. If you see an admin who is constantly busy, he's a poor admin, fixing everything constantly. A good admin slacks all day while all their work is done automatically.

The only time I had a sysadmin hate me it was more due to me documenting their dangerous incompetence.

After a security hole was found in our multi-million daily users web application I was given a project to look into other potential security issues with the application. After trying SQL injection, cross-site scripting, and other fun stuff I started to poke into the application server it was running on, and a quick read through the documentation told me how to get diagnostic information from the system- unless it's been disabled as part of the standard installation process. I try it on my dev server, and get the info- not a problem. I try it on the test server and it's the same. I then try the staging server, which should be a copy of the live service, and start to get scared.

After a quick chat with my manager as I wanted to be covered should the system flag me as an attacker I try it on the live service from an external IP address, again the diagnostics appear. I now had our database schema, the network architecture of the live service, and a lot of configuration details. My manager, who'd been watching over my shoulder as they'd become curious now, suggested we test this properly. I used my non-work mobile and called the sysadmin and, using only the details on screen, convinced him I was a database admin from elsewhere in the company working off-site. He was very helpful, I soon had a nicely unofficial SSH tunnel into the network set up for me, a temporary user account on all of the live servers, and root access to the live database with all of our customer details.

Oddly enough the sysadmin didn't think it fair that we'd 'tricked' him, and said that no one would normally see that information and think to do what I'd just done.

Most sysadmins I've worked with have been very good, and the in-department one I'm working with at the moment is absolutely amazing. It's not the case with all sysadmins though, some of them don't need users running random software as root to make things go stupid.

So, who in the company was the "head of information security"? This is a role that not many think to introduce, and without it, sysadmins who excel in some areas may miss some of the hardening aspects. Hell, if you've got a 'regular' sysadmin who just installs database engines on boxes as well, you don't even have a DBA. That's two corporate strikes on good business practice (the problem goes deeper than the sysadmin; if there was only one full stop, then I'm wondering just how much he was running round

If you are a sysadmin who hates his job and/or employer and you are worth your salt, you find a new job, leave, and let all the people you know why you left. Leave little notes on the system and in the documentation that lets your successor know why you left. You don't do petty, unethical, and possibly criminal things.
People who do that shit are the reason IT people have a bad reputation. Grow the fuck up, assholes. Either suck it and do your job or find a new job, quit, and leave them without stealing or destroying data or creating more problems for them and the person or people who will be replacing you.

I'm a software developer (actually, supervisor of a software development team) at a large multinational that isn't explicitly a software development company. Most people on our network require access to deal with Microsoft Office, our SAP system and a few random databases of stuff with web front ends. Because this is what 'most' employees need, our IT can be strongly against requests that go outside of this.

For doing my job (writing software), I require a Windows system with Administrator rights. This would not be allowed on our corporate network due to policy rules (okay, I get this) so I am a part of a separate network for doing this. However, in order to read my email, I ALSO have to have a computer on our corporate network. One extra box sitting on my desk purely for reading and replying to email. I could use our webmail, but it's pretty cumbersome. When I asked if they could set up IMAP access so I could get rid of the pointless extra box on my desk, the answer was that IMAP is a security hole and for policy reasons, they won't do so.

A part of my job is writing software for mobile devices. In order to test on real devices, I need wireless access. Policy states that no wireless device can be set up other than by IT. IT refuses to touch anything on my separate network; but STILL enforced the policy that if I set up wireless, I'd be getting a very stern talking to by the HR department. Eventually it got sorted, but not before management stepped in due to project delays caused by me and my team only being able to do real device testing AT HOME...

When I decided that my team needed better mouses and keyboards since I myself was noticing some hand strain, I put an order in to our system. Management approved the purchase and it was all fine. IT then blocked it saying that they supply our standard equipment from Dell and we shouldn't be ordering IT equipment separately. It was only after several days of arguing back and forth that they let the purchase order go through on grounds that since it's for my 'separate network' it's not counted as "IT equipment". That also means though that my development PC has a nice mouse and keyboard; but the one I use for email still has a really crappy thing supplied by our IT department and can never change.

I don't have so much to truly complain about, since I do get what I want/need eventually, but from my point of view, they do get in the way of us doing our jobs far more than they help. And I do understand their reasoning - we're a special case and they do a fine job for the other 99% of the company who don't have our requirements. I just wish they'd be a bit more open to working with us instead of actively fighting against us at every turn.

When I decided that my team needed better mouses and keyboards since I myself was noticing some hand strain, I put an order in to our system. Management approved the purchase and it was all fine. IT then blocked it saying that they supply our standard equipment from Dell and we shouldn't be ordering IT equipment separately

Sounds like IT is 100% right on this one. When you needed computer-related gear, why didn't you talk to IT at the start? Why are you doing separate purchases of equipment? There's a mil

You are IT just at another section... try working WITH the rest of the team.

Nope - officially Software Development in my organisation belongs to "Service and Support", which is the division responsible for providing service to our customers for our products. The "IT Department" is strictly an internal department - they don't deal with our customers; but rather are responsible for taking care of IT systems within the organisation.

You do realize that IT policy managers are the police of the corporation along with the safety manager, HR, legal, etc. They exist to keep employees from breaking the law and doing serious harm to the company. They work for the corporation, not you.

I understand that and accept that. I accept when there are things that for policy reasons are not possible, even if they'd make my life easier. Things l

Since it's my job to 'do my job' I feel I should be entitled to the tools and environment that allows me to do so. If I don't get the tools and environment to do my job, then I refuse to accept responsibility for not getting it done.

Since I actually have pride in my company (and feel that in return, the company treats me with respect in general) and am not just some mercenary out for the money only, I CARE about doing a good job. If I didn't, I'd just sit back and every time someone asks me why the project isn't done yet just say "because IT won't let us". It'd be easier, but significantly less fulfilling.

Disgruntled sysadmins may do many things, many of them poorly thought out or likely to result in bad consequences. But they don't hole up in a hotel room in Hong Kong and publish dirt on the NSA spying program because their users are annoying.

More to the point, if someone is willing to throw the rest of their life away on whistleblowing, then their motivation goes way beyond poor job satisfaction, and a less frustrating work environment is not going to dissuade them.

He hates anyone that has enough knowledge to question his decisions. Kinda like Religion using Latin to keep their underlings in darkness in the time of the Inquisition.

Or maybe there are just too many who THINK they know more than the sysadmin and who question his work as if they do know more than him.
And those "decisions" are most likely not made by the sysadmin, but by his manager, or your manager or simply they are the result of having to make the best out of limited resources.

When a sysadmin decides that 3 days of rolling backups is plenty, then yes. I know more than he does. I've known some great system admins, and I've know some completely incompetent ones. The problem is that due to their position, the incompetent ones can hide their incompetence from management for a very long time.

If you have a question about a password reset, then it is cheaper to go through the Helpdesk, this is not about arrogance (for most anyway), let the sysadmin solve the tough problems, let him update his hard and software.You don't ask a brainsurgeon about a pimple.

I'd like to see those sysadmin having a problem with their checks and being told "no no, you can't talk to anyone in HR or the payroll department directly, are you crazy? Please open a ticket and wait for a reply, an intern will get back to you in 24 hours or less".

We have a system like that. Works quite well, actually, because I do not need to know who exactly in HR or payroll to talk to. Saves me time, saves them time and I get my problems fixed.

Hardly -> sysadmins just realize that 99% of all user problems can be solved by the help-desk, and be done in a more pleasant manner than a sysadmin will do it. A sysadmin's speech and mannerisms are not laden with the fluff language that people consider being polite -> they have a lot of things to accomplish during the day, are perpetually running behind schedule, and tend to interact with people who understand that when a sysadmin says "Do this," there is a "Please" prefixed to it. We've tried it the other way, with people having constant contact with sysadmins, and people bitched incessantly that they weren't communicative enough (a sysadmin knows exactly what he / she is talking about, spending 30 minutes looking for an analogy to explain something to someone who thinks the monitor is the computer is really stressful) or that they weren't servicing them fast enough (sysadmin has a server go down, needs to get it back up; someone complains that the sysadmin wasn't working on their laptop during that time).

And yes, those sysadmins do run into problems with other departments. Surprise! When they need to call an equipment manufacturer to get some firmware only available by phone call, and need to sit through the various escalations and so on, they feel the pain. It really isn't them purposefully being dicks to you, it really is a limited resource / time thing. Why not stock the help desk with sysadmins, instead of low-level techs? Because it would cost too much.

Everyone wants access to the people who can solve their problems in a few snaps of a finger, or who can remove a lot of the 'unnecessary work' that they are going to encounter. But that means in a company of 200 people at least 20 people dropping by for a 10 minute chat per day. Companies / organizations, who actually pay the sysadmin's salary, want him / her working where they will do the most good for the company; everyone below VP or CEO gets the help desk, everyone above gets the sysadmin. It sucks, and you'll see sysadmins volunteer their time to help out with more trivial problems when they have nothing else on their platter, but that's something of a rarity.

Do you know what sysadmins do? Are they just a better version of tech support so far as you are concerned? Consider a network admin -> to a user, they look like a very highly priced tech support guy; to anyone with any knowledge of tech, that doesn't even begin to describe what they do. They're management. They have purchase power, they plan future designs, they execute those implementations, etc. They report to the IT director, or the CIO, or the CEO. But to the average user, they're just a funny guy with eclectic tastes, who knows the ins and outs of the entire network, and is the guy they want to fix all their problems, personally. A funny guy, who's there at weird hours sometimes...who has access to every room....all emails, voicemails, etc....and which those who actually understand what his / her duties are, tend to avoid getting on their bad-side, even if their professionalism practically guarantees that they'd never do anything in retaliation. A funny guy who usually reports to the IT director, or to the CIO, or the CEO directly.

It's not that nobody should be able to reach them. As an sysadmin role myself at the mo (I've worked in most jobs in IT over the years), it's a case that I've only got time to field a limited set of things. These are the things that change the big picture in the infrastructure, and that's what takes most of my time.

I'd like to be able to help out more with the individual systems, seriously... The techs that get to go out and fix the small problems are the knights in shining armour; they get to fix the smaller mistakes that users get themselves into (oops, I accidentally deleted some files, oh my PC works again now you've fixed it, so on).The people that do know me are the heads of departments; they filter in requests that make a business sense to them, and request that they be implemented as a technical solution. Things relevant to the business in the wider scope make it to me.

When I took on the role, it had an inordinate amount of calls from users who wanted to short circuit the help desk (no logging means we can't prove we've done the work to the accountants for a start). Everyone's work, to them, is top priority, after all, it's they who are affected. It took a while to get that under control, and even to people who I consider friends in the organisation, if it's one PC that's affected, it really isn't my problem. If a thousand are, it probably is my problem.

To run a company, roles need a frame of reference. Some make the mistake of believing their frame is the whole of everything that is (hint, it's not). The further you work from your core frame, the less effective you are at doing the core work. If you find your strengths are in a different frame, you're in the wrong job, so change that.

Assuming you should be able to go direct to the admin assumes you know the technical impact of the problem you have (in the enterprise wide scope), know exactly how to describe it, how it's impacting every other system, the amount of users affected and a whole host of things (which is a picture that's built up by the Helpdesk and escalates through the technicians). If you've spent time doing that, what have you been doing in your real job? There may be many people with your level of skill also phoning the help desk, and they may have different views and conclusions based on a different geographic/business perspective.Doing things the right way lets an accurate picture be built. If all 5k+ staff phoned me in a huge incident, I'd neither be able to get a real picture of it, communicate with the people I needed to, nor actually talk to most people. I'd also not be fixing the problem, which is the real kicker.

Incidentally, HR does work that way; it's the only way they can research the query, and give me an accurate answer that lets me work on a factual basis (rather than "Oh, I seem to remember that it's something to do with X. Probably. Bye then."

Actually that is exactly what I would expect from HR. I would expect to send mail to a shared mailbox and get a response in a timely manor. I know there is probably only one or two payroll people and expecting them to drop what they are doing and talk to me right now makes no sense. First supposed I did not get my direct deposit Friday. Its Monday morning, what am I going to do get a paper check from them leave the office and take it directly to the bank where it won't clear for a day anyway? No. So

It's really about the appropriate allocation of resources and the avoidance of waste. If person A makes $100,000 a year and person B makes $35,000 a year you have a significant cost savings from having person B perform a given task. This logic is why we have Secretaries and teams at work sites are typically composed of a mix of experience and skill levels.

It's a little bit like asking a master mechanic to change your oil, they are perfectly capable of doing the job, but you should really have the high schoo

Indeed they don't. They serve the interests of the company. You as an individual are not the company nor are you or your department the most imporant part of the company (not even considering whatever reason you may think you have).

nor are they there to help me and my colleagues get the job done.

Indeed they are not. They are there to help you, your colleagues and every other employee in the company get their job done right.

They are there first and foremost to justify their own existence, to increase their presence, and to make their job as easy as possible. Actually helping us is secondary.

Indeed they are. Their performance is judged by cost, just like your own department. You may be in a department that also generates profit but IT departments don't generate profits and are judged primarily by cost. Cost is probably why they calculated supporting your old printer is more expensive than sharing a single printer with outsourced maintenance. Feel free to increase the cost of your own department by giving the IT department money to supply you with a new printer and the additional expenses required to support it.

I'm pretty sure that I could hack together something that could install java patches on a cluster if I had to do it manually over and over again,so maybe it's not only the java installer that's crappy ?